Cellcrypt Launches Encrypted Voice Calling for iPhones. Cellcrypt Mobile provides encrypted voice calling for off-the-shelf cell phones using government-certified security in an easy-to-use downloadable application that makes highly secure calling as easy as making or placing a normal phone call. It is a software-only solution that uses the IP data channel of cellular (2G, 3G, 4G), Wi-Fi and satellite networks and can be deployed to personnel anywhere in the world in as little as 10 minutes.

Cellcrypt is the leading provider of voice call encryption on off-the-shelf mobile phones – including Android™ BlackBerry®, iPhone® and Nokia® smartphones – that enables secure calling to mobile phones and office phone systems (PBXs) to allow landline calling as well as access to standard PBX features such as voicemail, conference calling and calling out to the public phone network. You may want this if you need to keep private and sensitive conversations protected from cell phone interception, especially if you travel abroad where this is common practice.

Device Attacks: One method of interception that bypasses the call entirely is by placing a listening device (hardware or software) in the mobile phone, which monitors the microphone and speaker, and records or forwards the call to the eavesdropper. Active Attacks: This attack uses a radio scanner to intercept and manipulate the radio signal between the mobile phone and the cellular base station tower. It exploits a particular weakness of some cellular systems whereby mobile phones do not check the authenticity of base stations that they connect with. Because mobile phones continually scan radio waves and switch to base stations with the strongest signals, it is easy for a scanner that impersonates a base station to cause all mobile phones in an area log on to it simply by transmitting the strongest signal. Once a scanner has control of a connected mobile phone, it then manipulates communications in several different ways. First and most simply, it can redirect outgoing calls from the mobile phone through its own communication channel and record the call. If standard encryption (as deployed by carriers) is being used then this attack is able to instruct the mobile phone to turn its encryption off, thereby bypassing the normal encryption between the phone and the base station. The unencrypted call is then readily eavesdropped. Hackers have demonstrated simultaneous interception of hundreds of mobile phones in this way using a software defined radio transceiver costing less than $1,500, and also four hacked mobile phones as transceivers, each costing $15. The software is open source and free to download. Network Attacks: Exploits network hardware such as base stations or microwave repeaters where encryption is not used Passive attacks: This method also intercepts the radio signal between the mobile phone and the base station but simply decodes the signals without needing to interfere with them. Passive scanners contain advanced processing software that can be run on a laptop and a programmable radio receiver and antenna. Without disturbing the normal operations of the cellular network, the passive scanner listens to the radio waves of the mobile phone call and processes them. Depending on the sophistication of equipment used, individual calls can be targeted or multiple calls harvested. This attack is particularly dangerous because it is impossible to detect, however it is also challenging because it has to break the call encryption. Insider Attacks: One common method of interception exploits the internal infrastructure of telecommunication networks, which can often prove to be the most vulnerable part of the call path. These networks decrypt calls at the base station so that they are transmitted onwards across fixed lines as unencrypted calls and can be intercepted by internal staff who have been bribed, threatened, coerced or even joined the company specifically to make an attack. Alternatively, compromises have occurred at the bases stations and within repeater equipment that use unencrypted microwave signals. Additionally, internal systems – including lawful intercept systems – used to monitor and manage the calls may be subverted to illegally intercept calls.

At the same time as the threat level increasing, the use of cell phones for discussing sensitive and confidential information has also increased, even among government employees, due to the ease of use, ubiquity and interoperability of mobile phones. This leads to an increased need for government-grade end-to-end protection that provides assurance that call security is controlled along all points of the call path between caller and recipient and risks are adequately mitigated in compliance with internal security policies.

Cellcrypt Mobile provides encrypted voice calling for off-the-shelf cell phones using government-certified security in an easy-to-use downloadable application that makes highly secure calling as easy as making or placing a normal phone call. It is a software-only solution that uses the IP data channel of cellular (2G, 3G, 4G), Wi-Fi and satellite networks and can be deployed to personnel anywhere in the world in as little as 10 minutes.

Cellcrypt has launched Cellcrypt Mobile™ for iPhone® , a version of its encrypted voice calling application that runs on iPhones operating over Wi-Fi™, GSM and CDMA wireless networks. Cellcrypt Mobile for iPhone is available immediately and is interoperable with Cellcrypt running on other devices such as Android™, BlackBerry®, and Nokia® smartphones on GSM networks.

It’s a standard downloadable app. To make a call click on the app icon.

This opens your secure address book

Press on the contact name to make a call

Press on the phone icon to make a call, or…

… use the key pad to dial the number in the normal way.

What is happening here is that the phones are authenticating each and generating a secret key that they share to encrypt and decrypt the voice call. Cellcrypt uses strong cryptographic protocols recommended by governments to do this including 2048-bit RSA and ECDSA for authentication and Elliptic Curve Diffie Hellman and RSA for key exchange. When the call connects the audio is encrypted on one phone using the secret key, sent across the internet as IP traffic, and decrypted on the other phone. The app is unique in that it first encrypts the voice with 256-bit AES and then re-encrypts it a second time using 256-bit RC4. Until the channel is secure the other phone will not start ringing.

The other device is running Cellcrypt Mobile in idle mode but after the channel is secured then it wakes up and rings. To answer accept the call in the usual way.

The call is encrypted end-to-end which is important because nothing else has access to the keys and even if the call were intercepted it could still not be decrypted and would remain unintelligible and secure.